Compare commits

..

No commits in common. "2fc2bdcabbb827b4cd7fa68d05333e42fa54505a" and "fb133f9cba98202c2e2da3b8be559424a4c3721f" have entirely different histories.

6 changed files with 6 additions and 31 deletions

View file

@ -128,7 +128,6 @@ def create_app(settings: Settings | None = None) -> FastAPI:
)
# Rate limiting
limiter.enabled = settings.rate_limit_enabled
app.state.limiter = limiter
@app.exception_handler(RateLimitExceeded)

View file

@ -52,9 +52,6 @@ class Settings(BaseSettings):
# Magic links
invite_ttl: int = 86400 # seconds
# Rate limiting (disable for e2e/load tests that authenticate repeatedly)
rate_limit_enabled: bool = True
# Signing keys
signing_key_path: str = "data/keys"

View file

@ -38,8 +38,7 @@
{% else %}
<p>No password set.</p>
{% endif %}
<div id="password-error"></div>
<form hx-post="/manage/credentials/password" hx-target="#password-error" hx-swap="innerHTML">
<form hx-post="/manage/credentials/password" hx-target="#password-section" hx-swap="innerHTML">
<input type="hidden" name="csrf_token" value="{{ csrf_token_processor(request) }}">
{% if has_password %}
<div>

View file

@ -42,7 +42,6 @@ test.describe('Credentials page', () => {
test.describe('Password validation', () => {
test('shows mismatch error', async ({ page }) => {
await page.fill('#current_password', fixtures.cred_password);
await page.fill('#password', 'newpassword1');
await page.fill('#confirm', 'newpassword2');
await page.click('#password-section button[type="submit"]');
@ -52,23 +51,6 @@ test.describe('Credentials page', () => {
await expect(alert).toContainText('do not match');
});
test('keeps the password form visible after a validation error', async ({ page }) => {
await page.fill('#current_password', fixtures.cred_password);
await page.fill('#password', 'newpassword1');
await page.fill('#confirm', 'newpassword2');
await page.click('#password-section button[type="submit"]');
const alert = page.locator('#password-section [role="alert"]');
await expect(alert).toBeVisible({ timeout: 5000 });
// Regression: the form and its inputs must NOT disappear on error.
await expect(page.locator('#password')).toBeVisible();
await expect(page.locator('#confirm')).toBeVisible();
await expect(
page.locator('#password-section button[type="submit"]'),
).toBeVisible();
});
test('password input has minlength="8"', async ({ page }) => {
await expect(page.locator('#password')).toHaveAttribute('minlength', '8');
});
@ -80,9 +62,8 @@ test.describe('Credentials page', () => {
test.describe('Password change', () => {
test('succeeds with matching passwords', async ({ page }) => {
await page.fill('#current_password', fixtures.cred_password);
await page.fill('#password', 'purple-tiger-mountain-42');
await page.fill('#confirm', 'purple-tiger-mountain-42');
await page.fill('#password', 'newpassword123');
await page.fill('#confirm', 'newpassword123');
await page.click('#password-section button[type="submit"]');
const status = page.locator('#password-section [role="status"]');

View file

@ -30,8 +30,8 @@ test.describe('Full user journey', () => {
await expect(passwordInput).toBeVisible();
await expect(confirmInput).toBeVisible();
await passwordInput.fill('purple-tiger-mountain-42');
await confirmInput.fill('purple-tiger-mountain-42');
await passwordInput.fill('mypassword123');
await confirmInput.fill('mypassword123');
await page.click('#password-section button[type="submit"]');
// Wait for success message
@ -51,7 +51,7 @@ test.describe('Full user journey', () => {
// ---- Step 4: Login with the password we just set ----
await page.fill('#username', fixtures.register_username);
await page.fill('#password', 'purple-tiger-mountain-42');
await page.fill('#password', 'mypassword123');
await page.click('form[hx-post="/login/password"] button[type="submit"]');
// Wait for redirect to credentials page

View file

@ -28,7 +28,6 @@ echo "Starting Porchlight on port ${PORT}..."
echo " DB: ${OIDC_OP_SQLITE_PATH}"
OIDC_OP_ISSUER="${TARGET_URL}" \
OIDC_OP_DEBUG=true \
OIDC_OP_RATE_LIMIT_ENABLED=false \
uv run --directory "$PROJECT_ROOT" \
uvicorn porchlight.app:create_app \
--factory --host 127.0.0.1 --port "$PORT" \